[slackware-security]  OpenSSH Security Advisory (SSA:2003-259-01)

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and
-current.  These fix a buffer management error found in versions of
OpenSSH earlier than 3.7.  The possibility exists that this error
could allow a remote exploit, so we recommend all sites running
OpenSSH upgrade to the new OpenSSH package immediately.


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue Sep 16 11:13:05 PDT 2003
patches/packages/openssh-3.7p1-i386-1.tgz:  Upgraded to openssh-3.7p1.
  From the OpenSSH Security Advisory
   (http://www.openssh.com/txt/buffer.adv):
      "All versions of OpenSSH's sshd prior to 3.7 contain a buffer
       management error.  It is uncertain whether this error is
       potentially exploitable, however, we prefer to see bugs
       fixed proactively."
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1: 
 

Updated package for Slackware 9.0: 
 

Updated package for Slackware -current: 
 


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
a86d410e47fe8ab4a8e9f04293a94093  openssh-3.7p1-i386-1.tgz

Slackware 9.0 package:
ca1d0b1e658c5391067f2a9cf11fc239  openssh-3.7p1-i386-1.tgz

Slackware -current package:
c58003eaaf4362c8475f0f5a77f2adbb  openssh-3.7p1-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root):
# upgradepkg openssh-3.7p1-i386-1.tgz

Restart OpenSSH:
. /etc/rc.d/rc.sshd restart


+-----+

Slackware Linux Security Team 
slackware
security@slackware.com

Slackware: openssh Buffer management error

September 16, 2003
These fix a buffer management error found in versions ofOpenSSH earlier than 3.7

Summary

Here are the details from the Slackware 9.0 ChangeLog: Tue Sep 16 11:13:05 PDT 2003 patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1. From the OpenSSH Security Advisory (http://www.openssh.com/txt/buffer.adv): "All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated package for Slackware 8.1: Updated package for Slackware 9.0: Updated package for Slackware -current: MD5 SIGNATURES: Slackware 8.1 package: a86d410e47fe8ab4a8e9f04293a94093 openssh-3.7p1-i386-1.tgz Slackware 9.0 package: ca1d0b1e658c5391067f2a9cf11fc239 openssh-3.7p1-i386-1.tgz Slackware -current package: c58003eaaf4362c8475f0f5a77f2adbb openssh-3.7p1-i486-1.tgz INSTALLATION INSTRUCTIONS: (This procedure is safe to do while logged in through OpenSSH) Upgrade using upgradepkg (as root): # upgradepkg openssh-3.7p1-i386-1.tgz Restart OpenSSH: . /etc/rc.d/rc.sshd restart Slackware Linux Security Team slackware security@slackware.com

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Installation Instructions

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved